Cloak Security Chief 23pds Warns: Teams Lacking Technical Foundations Blindly Deploying OpenClaw Are Just Creating New Vulnerabilities
(Background: The First Victims of OpenClaw Have Appeared! 4 Security Bottom Lines to Know Before Installing Little Lobster)
(Additional Context: After the Rise of OpenClaw: An Open-Source Little Lobster Shaking Up Which US Stocks?)
Recently, the open-source AI agent project OpenClaw has been regarded by many as an “automation gold mine.” However, this morning (11th), Cloak Security Chief 23pds issued a warning: without a solid technical foundation, attempting to jump on the bandwagon and deploy blindly may not bring wealth but could expose you to extreme risks and disaster.
OpenClaw is a filter; companies with computing power and security capabilities can turn it into a productivity tool. But teams lacking technical foundations will only turn it into a new risk. Companies trying to cut corners or ride the hype should first assess their real needs. If your business system and security capabilities are already a mess, there’s no need to follow blindly.
True opportunities always belong to those who understand the field, not speculators.
— 23pds (Shan Ge) (@im23pds) March 11, 2026
OpenClaw Is a Double-Edged Sword: Opportunities and Vulnerabilities Coexist
23pds posted on X platform that for companies with security capabilities, OpenClaw can indeed be transformed into a productivity tool. But for teams with fundamentally “chaotic” systems, blindly following the trend is meaningless and only creates new vulnerabilities.
He also mentioned that, from a technical standpoint, running models like 7B-14B requires at least an NVIDIA RTX 3060/4060 or higher GPU (VRAM ≥ 8GB), with 32GB or more of RAM recommended. Using cloud APIs (like Claude) can cost dozens to hundreds of dollars per month in token fees.
These costs are often underestimated by opportunists lacking technical evaluation skills.
Three Major Security Threats: From Malicious Installers to AI Illusions
Currently, OpenClaw is associated with three major security threats:
First is malicious installer infiltration. Several malicious npm packages disguised as “openclawai” have been found, designed to steal crypto wallet private keys and sensitive information from Apple Keychain. The “USB version” circulating in the market may also carry malicious skills; once installed, they grant hackers high-level access to system internals.
Second is search result poisoning. Hackers conduct SEO poisoning on search engines like Bing, leading users seeking to download OpenClaw to fake websites that install backdoored programs.
Third is AI hallucination risks. There have been cases where AI agents, due to hallucinations, generate false warehouse IDs, causing deployment shifts during development and leading projects astray.
The rise of OpenClaw marks progress in the AI agent era, but technological enthusiasm should not overshadow basic cybersecurity awareness. Protecting private keys and system permissions is more important than blindly following any open-source project—after all, code you don’t understand is the biggest threat to your assets.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
RAVE’s hype surge triggers a flood of copycat coin mania, as FF and INX expose the “pump-and-dump” scheme
Recently, altcoins represented by RAVE have sparked a fierce investment craze, but some old star projects like FF and INX have used this wave of hype to carry out “pump-and-dump” operations—rapidly driving up coin prices to lure retail investors to buy, and then dumping them heavily, causing the price to plunge rapidly. Such behavior not only exposes the project team’s funding difficulties, but also damages investors’ trust. Investors need to stay alert to signals like abnormal short-term surges in order to avoid the risk of being manipulated by the market.
MarketWhisper1h ago
FBI teams up with Indonesia to dismantle W3LL phishing network, with more than $20 million involved
The U.S. FBI and Indonesian police successfully cooperated to dismantle a W3LL phishing network, seizing related equipment and detaining suspects. The W3LL phishing toolkit offers low-priced fake login pages that use man-in-the-middle attacks to easily bypass multi-factor authentication, forming an organized cybercrime ecosystem. This operation marks cooperation between the U.S. and Indonesia in law enforcement against cybercrime; however, the security threats to cryptocurrency users remain severe.
MarketWhisper4h ago
Squads Emergency Alert: Address poisoning and forged multisig accounts; a whitelist mechanism will go live
Solana ecosystem multi-signature agreement Squads issued a warning, pointing out that attackers launched an address poisoning attack against users by using fake accounts to trick users into making unauthorized transfers. Squads confirmed that there was no loss of funds and emphasized that this is a social engineering attack rather than a protocol vulnerability. To respond, Squads has implemented protective measures such as a warning system, non-interactive account prompts, and a whitelist mechanism. This incident reflects the growing social engineering threats in the Solana ecosystem and has prompted ongoing security reviews.
MarketWhisper5h ago
South Korean “retaliation intermediary” agencies charged USDT to carry out violent crimes, and continued operating even after the main suspect was arrested
South Korea has recently seen multiple “revenge intermediary” organizations that use cryptocurrency as a payment method. They offer intimidation and murder services via Telegram. Even though the main culprit has been arrested, related advertisements are still being posted. Police are investigating more than 50 cases and have arrested about 30 people.
GateNews7h ago
Fake Ledger App on Apple’s App Store Drains Musician’s 5.9 BTC Retirement Fund
A fake Ledger app on Apple's App Store deceived musician Garrett Dutton into losing 5.9 BTC by entering his seed phrase. This case highlights ongoing wallet scams and the exploitation of trust, as the stolen bitcoin was laundered through KuCoin.
CryptoNewsFlash11h ago
A CEX Faces Extortion and Refuses to Back Down: Affects About 2,000 Accounts, Customer Funds Are Not at Risk
A certain cryptocurrency exchange was extorted by a criminal organization, which claimed it would release internal system access videos. The exchange confirmed it had not suffered a systemic breach, that customer funds are safe, and that due to improper conduct by customer service personnel, data from approximately 2,000 accounts was accessed. The exchange has revoked the relevant permissions and strengthened security controls. The company is working with law enforcement agencies to investigate.
GateNews14h ago
